2 files changed, 24 insertions, 2 deletions

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index e18020fe4..ee1c9c280 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -1017,6 +1017,9 @@ void krb5_free_etype_info
 krb5_error_code
 krb5int_copy_data_contents (krb5_context, const krb5_data *, krb5_data *);
 
+krb5_error_code
+krb5int_copy_creds_contents (krb5_context, const krb5_creds *, krb5_creds *);
+
 typedef krb5_error_code (*krb5_gic_get_as_key_fct)
     (krb5_context,
 		     krb5_principal,
diff --git a/src/lib/krb5/krb/copy_creds.c b/src/lib/krb5/krb/copy_creds.c
index 9f1429c08..9fdf9a67d 100644
--- a/src/lib/krb5/krb/copy_creds.c
+++ b/src/lib/krb5/krb/copy_creds.c
@@ -38,11 +38,31 @@ krb5_copy_creds(krb5_context context, const krb5_creds *incred, krb5_creds **out
 {
     krb5_creds *tempcred;
     krb5_error_code retval;
-    krb5_data *scratch;
 
     if (!(tempcred = (krb5_creds *)malloc(sizeof(*tempcred))))
 	return ENOMEM;
 
+    retval = krb5int_copy_creds_contents(context, incred, tempcred);
+    if (retval)
+	free(tempcred);
+    else
+	*outcred = tempcred;
+    return retval;
+}
+
+/*
+ * Copy contents of input credentials structure to supplied
+ * destination, allocating storage for indirect fields as needed.  On
+ * success, the output is a deep copy of the input.  On error, the
+ * output structure is garbage and its contents should be ignored.
+ */
+krb5_error_code
+krb5int_copy_creds_contents(krb5_context context, const krb5_creds *incred,
+			    krb5_creds *tempcred)
+{
+    krb5_error_code retval;
+    krb5_data *scratch;
+
     *tempcred = *incred;
     retval = krb5_copy_principal(context, incred->client, &tempcred->client);
     if (retval)
@@ -73,7 +93,6 @@ krb5_copy_creds(krb5_context context, const krb5_creds *incred, krb5_creds **out
     if (retval)
         goto clearticket;
 
-    *outcred = tempcred;
     return 0;
 
  clearticket: